
Red Hat Enterprise Linux 4 Risk Report

created by goeldi at 11.03.2009 11:11

Red Hat analyzed the security of the Enterprise Linux 4 Distribution.

Our servers usually run CentOS, the freely available version of Red Hat Enterprise Linux. About a third of our hardware runs this version, the rest runs version 5. Usually the servers are additionally virtualized, so the hardware and the virtual servers may run both versions (4 with 5 or 5 with 4).

Relevant to the security of our systems with EL 4 are the numbers in Table 4, especially the lines for openssh and sendmail. They show that each critical security issue was fixed in less than one day. The other numbers concern software not installed on our systems.

Table 9 shows "Exploits for flaws in servers and services". In this table we were concerned only with lines 4 and 8 (BIND and MySQL).

One of the conclusions in the article:

"Two worms targeting Linux systems were found during the four years, but both affected third party PHP applications not shipped in Red Hat Enterprise Linux 4."

Risk Report - Four Years of Red Hat Enterprise Linux 4